US2016234197A1PendingUtilityA1

Lawful interception of encrypted communications

48
Assignee: ERICSSON TELEFON AB L M (publ)Priority: Feb 7, 2012Filed: Apr 19, 2016Published: Aug 11, 2016
Est. expiryFeb 7, 2032(~5.6 yrs left)· nominal 20-yr term from priority
H04L 63/0428H04L 63/306H04L 63/0807H04L 63/062H04L 9/3213
48
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method and apparatus for providing access to an encrypted communication between a sending node and a receiving node to a Law Enforcement Agency (LEA). A Key Management Server (KMS) function stores cryptographic information used to encrypt the communication at a database. The cryptographic information is associated with an identifier used to identify the encrypted communication between the sending node and the receiving node. The KMS receives a request for Lawful Interception, the request including an identity of a Lawful Interception target. The KMS uses the target identity to determine the identifier, and retrieves the cryptographic information associated with the identifier from the database. The cryptographic information can be used to decrypt the encrypted communication. The KMS then sends either information derived from the cryptographic information or a decrypted communication towards the LEA. This allows the LEA to obtain a decrypted version of the communication.

Claims

exact text as granted — not AI-modified
1 - 5 . (canceled) 
     
     
         6 . A method of establishing an encrypted communication between a sending node and a receiving node, the method comprising, at the sending node:
 sending to a Key Management Server a request for a ticket, the request containing cryptographic information relating to the sending node;   receiving from the Key Management Server a key and information associated with an identifier, the identifier being usable by the Key Management Server to identify cryptographic information relating to the communication and stored at a database;   sending to the receiving node the ticket and identifier to establish the encrypted communication session with the receiving node; and   including second information derived from the information associated with the identifier in packets sent to the receiving node in the encrypted communication.   
     
     
         7 . A method of establishing an encrypted communication between a sending node and a receiving node, the method comprising, at the receiving node:
 receiving from a sending node a request to establish the encrypted communication, the request including a ticket and information associated with an identifier, the identifier being usable by a Key Management Server function to identify cryptographic information relating to the communication and stored at a database;   sending to the Key Management Server function a request message, the request message including the information associated with the identifier and further cryptographic information relating to the receiving node;   receiving from the Key Management Server function a second key to be used by the receiving node, and stored at a database, and   including second information derived from the information associated with the identifier in packets sent in the encrypted communication.   
     
     
         8 . The method of  claim 7 , wherein the receiving node further sends to the sending node information related to the generation of the second key to establish the encrypted communication between the sending node and receiving node. 
     
     
         9 . The method according to  claim 7 , wherein the second information derived from the information associated with the identifier is sent in the encrypted communication in any of a Secure Real-time Transport Protocol MKI header field, a Real-time Transport Protocol-extension header, an authentication tag, an additional field in a Secure Real-time Transport Protocol header, an additional field in a Real-time Transport Protocol header, and as an additional contributing source in a list of contributing sources in a Real-time Transport Protocol header. 
     
     
         10 - 12 . (canceled) 
     
     
         13 . A sending node for use in a communication network, the sending node comprising:
 a transmitter for sending to a Key Management Server a request for a ticket, the request containing cryptographic information relating to the sending node;   a receiver for receiving from the Key Management Server a key, a ticket and information associated with an identifier, the identifier being usable by the Key Management Server to identify cryptographic information relating to the communication and stored at a database;   the transmitter being further arranged to send to the receiving node the ticket and information associated with the identifier to establish the encrypted communication session with the receiving node; and   a processor arranged to include second information derived from the information associated with the identifier in packets sent to the receiving node in the encrypted communication.   
     
     
         14 . A receiving node for receiving an encrypted communication from a sending node, the receiving node comprising:
 a receiver for receiving from the sending node a request to establish the encrypted communication, the request including a ticket and information associated with an identifier, the identifier being usable by a Key Management Server function to identify cryptographic information relating to the communication and stored at a database;   a transmitter for sending to the Key Management Server function a request message, the request message including the ticket, information associated with the identifier and further cryptographic information relating to the receiving node;   the receiver being further arranged to receive from the Key Management Server function a second key to be used by the receiving node, and stored at a database; and   a processor arranged to include second information derived from the information associated with the identifier in packets sent in the encrypted communication.   
     
     
         15 . The receiving node of  claim 14  wherein the transmitter is further arranged to send to the sending node information relating to the generation of the second key to establish the encrypted communication. 
     
     
         16 .- 18 . (canceled)

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.